Re: [SAGE] RH directory server or IBM TDS and directory structure in a fairly complex environment
- To: "Erling Ringen Elvsrud" <erlingre@xxxxxxxxx>
- Subject: Re: [SAGE] RH directory server or IBM TDS and directory structure in a fairly complex environment
- From: "Nathan Hruby" <nhruby@xxxxxxx>
- Date: Tue, 15 Jan 2008 09:21:21 -0600
- Cc: sage-members@xxxxxxxx
- In-reply-to: <664c5a070801150350o531c2cdel4a8c57f55d6b63f9@xxxxxxxxxxxxxx>
- References: <664c5a070801150350o531c2cdel4a8c57f55d6b63f9@xxxxxxxxxxxxxx>
- Sender: owner-sage-members@xxxxxxxxxx
On Jan 15, 2008 5:50 AM, Erling Ringen Elvsrud <erlingre@xxxxxxxxx> wrote:
> Hello list,
>
> I work for a fairly large organization and will probably be involved
> in planning, installing and maintaining
> an LDAP based directory service this year. The directory will be
> mainly used to authenticate developers and systems administrators that
> need to access RH Linux servers (and also maybe HP-UX in the future).
> Microsoft AD is used elsewhere in the organization to authenticate
> users of Windows based desktop computers. The best solution would
> be to use AD to authenticate users of Unix computers as well, but I'm
> not sure if it is possible to make that solution work.

Depending on your AD forest and how willing your AD admins are to
work with you, this is a perfectly viable option. Samba offers the
winbind daemon which can talk to AD, and in AD 2003-r2 they've fixed a
good number of the compatibility issues between Windows and
non-Windows hosts. There are also several companies that offer
integration solutions for Unix+AD.

I'll warn against "having another directory" unless you plan to keep
the two in-sync. Multiple identity stores in a large organization
never end up helping.

Here are a few links that may (or may not) be helpful:
- http://www.quest.com/landing/?ID=1025&AdCode=GoogleAdTextADtoUnixLinuxJava06052007
- http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/
- http://gentoo-wiki.com/HOWTO_Active_Directory_with_Samba_and_Winbind
-n
--
-------------------------------------------
nathan hruby <nhruby@xxxxxxxxx>
metaphysically wrinkle-free
-------------------------------------------